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Abstract 

In this paper, we show how pattern matching can be seen to arise 
from a proof term assignment for the focused sequent calculus. 
This use of the Curry-Howard correspondence allows us to give 
a novel coverage checking algorithm, and makes it possible to give 
a rigorous correctness proof for the classical pattern compilation 
strategy of building decision trees via matrices of patterns. 

Categories and Subject Descriptors F.4. 1 [Mathematical Logic] : 
Lambda Calculus and Related Systems 

Keywords Focusing, Pattern Matching, Type Theory, Curry- 
Howard 



style pattern matching. This calculus also extends easily to 
encompass features like recursive and existential types. 

• Second, we give a simple inductive characterization of when 
a pattern is exhaustive and non-redundant, and prove that this 
algorithm is sound. This is of interest since it is a coverage 
test that does not involve examining the output of a pattern 
compilation algorithm. 

• Third, we reconstruct the classical matrix-based method of 
compiling patterns into decision trees in terms of our for- 
malism, and prove its correctness. This correctness result is 
stronger than prior results, since it is based directly upon the 
language's semantics. 



1. Introduction 

From the point of view of the semanticist, one of the chief at- 
tractions of functional programming is the close connection of the 
typed lambda calculus to proof theory and logic via the Curry- 
Howard correspondence. The point of view of the workaday pro- 
grammer seems, at first glance, less exalted — one of the most 
compelling features in actual programming languages like ML and 
Haskell is the ability to analyze structured data with pattern match- 
ing. But pattern matching, though enormously useful, has histor- 
ically lacked the close tie to logic that the other core features of 
functional languages possess. The Definition of Standard ML (Mil- 
ner et al. 1997), for example, contains a suggestion in English that 
it would be desirable to check coverage, with no clear account of 
what this means or how to accomplish it. 

Our goal is to rectify this discrepancy, and show that the se- 
manticist ought to be just as interested in pattern matching as the 
programmer. We show that pattern matching has just as strong a 
logical interpretation as everything else in functional programming, 
and that filling in this part of the Curry-Howard correspondence en- 
ables simple correctness proofs of parts of the compiler (such as the 
coverage checker and the pattern compiler) that required consider- 
able insight and creativity before. 

Specifically, our contributions are: 

• First, we give a proof term assignment for a focused sequent 
calculus, which naturally gives rise to pattern matching. Then, 
we show how to extend this calculus to properly model features 
of ML-like pattern languages such as as-patterns, or-patterns, 
incompleteness, and the left-to-right priority ordering of ML- 
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2. An Introduction to Focusing 
2.1 The Focused Sequent Calculus 

A rule of a logical system is called invertible when the conclusion 
of the rule is strong enough to imply the premises; that is, when 
the rule can be read bidirectionally. For example, the right rule for 
implication in the sequent calculus is invertible: 

r,A\- b 
r h a -> b 

We can give a proof that this rule is invertible by showing that the 
conclusion lets us deduce the premise: 



r h a 



r, A h A -> B 



Weak 



t,a h a 



Hyp 



T,A, B h B 



Hyp 



r, A, A -» B h B 



r, a h b 

Since the conclusion can be deduced from the premises, and the 
premises follow from the conclusion, this means that applying 
an invertible rule cannot change the provability of a sequent — 
the same information is available. (In contrast, a rule like sum- 
introduction is not invertible, since the knowledge that A + B holds 
is less informative than knowing that, say, A holds.) 

This is problematic for applications involving proof search, 
such as theorem proving. The fact that we can apply invertible 
rules at any time means that there are many equivalent proofs that 
differ only in the order that inversion steps are made in, which 
increases the size of the theorem prover's search space with no 
benefit. Andreoli introduced the concept of focusing (Andreoli 
1992) as a technique to reduce the nondeterminism in the sequent 
calculus. First, he observed (as had others (Miller et al. 1991)) 
that applications of invertible rules could be done eagerly, since 
inversion does not change provability. Then, he observed that each 
connective in linear logic was either invertible on the left and non- 
invertible on the right (the positive types), or invertible on the right 
and non-invertible on the left (the negative types). Finally, he made 
the remarkable observation that in a fully inverted sequent (i.e., one 
in which no further inversions are possible), it is possible to select 



Cut 



a single hypothesis (on either the left or the right) and then eagerly 
try to prove it, without losing completeness. This fact explains the 
name focusing; one can "focus on" a hypothesis without losing 
completeness. We give a version of the focused sequent calculus 
for intuitionistic logic below. First, we group the connectives. 



Types A 
Positives P 
Negatives N 



X | 1 | A x B | 
X | 1 | A x B | 
X I A -> B 



A - 
0 I 



. B 
A4 



I 0 
B 



I A- 



The types are unit 1, products A x B, void 0, sums A + B, 
function spaces A — > B , and atomic types X. Sums and products 1 
are positive, and function space is negative. Atoms are treated as 
either polarity, as convenient. This system has four judgements. 
First, we have a right focus phase T h A, in which we try to prove 
a positive formula on the right. As usual, V is taken to be a list of 
hypotheses, with the rules presented in such a way as to make the 
usual structural properties (exchange, weakening and contraction) 
admissible. 



r h a 



r h i 



1R 



r h a 



r h b 



r h A x B 



xR 



r h a 

r\- a + < 



+R1 



r h b 
r h a + > 



+R2 



r ; ■ h n 
r h n 



BlurR 



Since the leaves of a positive proposition can contain negative for- 
mulas, the BlurR rule lets us transition to the two-context right 
inversion judgement V; A h A, in which a negative proposition on 
the right is inverted. Since the only negative connective is implica- 
tion, this means moving the left-hand-sides of arrows A — > B into 
the context A, which can contain arbitrary positive or negative for- 
mulas. The A context is ordered - the structural rules of exchange, 
contraction and weakening are not permitted in this context. 



r ; a h a 



F; A, A h B 



r ; a h a - 



B 



+R 



r ; A>p 
r ; a h p 



BlurL 



Once the right-hand-side is positive once again, we have to con- 
tinue with inversion on the left before we can resume focus. This 
brings us to the left-inversion phase F; A t> P, which inverts all of 
the positive hypotheses on the left starting from the leftmost end 
of the pattern context, and moves negative hypotheses into T. The 
ordering of A forces the left-inversion rules to be applied from left 
to right, eliminating the irrelevant choice of which order to apply 
the left-invertible rules from the calculus. 



r ; A>P 



T,N; A > P 
F;N,A[>P 

T; A,B, A > P 
T;AxB,A[>P 



HypL 



XL 



T; A >P 

r ; i,A>p 



1L 



0L 



1 Intutitionistic products can be either negative, with projective elimina- 
tions, or positive, with a let-binding elimination. This corresponds to the 
fact that intuitionistic products can be seen as corresponding to either one 
of the linear connectives AkB or A <g> B. We choose the latter, since it 
has a let-binding elimination letpair (x, y) = e in e' and this is the more 
natural elimination to explain pattern matching. 



T;A,A>P T;B,A>P 



V;A + B,Ac>P 



+L 



r h p 

V; >P 



FOCUSR 



r \>x 
ry >x 



FOCUSL 



r>p r ; p><2 
r ; - >q 



FOCUSLP 



Once the pattern context is emptied, we can resume focus, either 
returning to right focus via FocusR, or by switching into the left 
focus phase r t> A, in which we focus on a hypothesis in the 
negative context. 



A e r 
r > A 



Hyp 



r > a 
v>a 



r h a 



rt>B 



Note that this focused sequent calculus is a restriction of the 
traditional sequent calculus: if we collapsed all of the judgements 
into a single judgement, elided the focus and blur rules that move 
us between judgements, and turned the semicolon separating the T 
and A contexts into a comma, then each of these rules would be 
one of the standard rules of the sequent calclus 2 . So it is easily 
seen that every focused proof has a corresponding proof in the 
regular sequent calculus. The completeness proof for focusing with 
respect to the sequent calculus is a little bit harder, and can be found 
elsewhere (Liang and Miller 2007). 



2.2 A Proof Term Assignment 

The next step on our path is to assign proof terms to this calculus. 



Positive Right e 

Negative Right u 

Arms (Positive Left) r 
Applications (Neg. Left) t 

Patterns p 

Ordinary Contexts V 

Pattern Contexts A 



() | (e, e') | inl e | inr e | u 
Xp. u | r 

[] | [r | r'] | e | t \ case(t, p => r) 

* ! (> C | (p,p') I 0 I Hp'] 

■ | V,x : N 

■ I A,p:A 



r h e : A 



r h ei : A 



B 



+R1 



T h (ei,e 2 ) : A X B 
T h e : B 



rT()7T 1R 

r h e : A 

rhinle:A + P T\-\me:A + B 

h» : N 

BlurR 



xR 



+R2 



T h u : N 



r ; Ahti:i 



T; A,p : Ahu: B F;A>r : P 

T; A h Xp. u : A -* B ~* f;Ahr:P 



BlurL 



2 In fact, the —*L rule is the natural deduction elimination rule for implica- 
tion, rather than a true left rule of the sequent calculus. We do this to keep 
the upcoming proof terms more familiar. 



T; A > r : A 



HYPL 



T;A>r : P 
T;(> :l,A>r:P 



F,x : N; A>r : P 
T;x : N,At>r : P 

T;p : A,p' : B,A>r : P 
T; (p,p') : A X B, A >r : P r ; []:0,A> 

r;p:A, A >r:P V; p' : B, A > r' : P 



1L 



xL 



OL 



T h e : P 



T; [p | p'\ : A + B, A > [r | r'] : P 
r >t : X 



ry >e : P 

r >t : P 



FOCUSR 



r ; - >t :X 
T;p : P > r : 



+L 



FOCUSL 



T; • > case(t,p => r) : - 



T >t : A 



x: A&T 
T\>x: A 



Hyp 



T > t : A 



FOCUSLP 



The: A 



Vote: B 



These rules exactly mimic the structure of the sequent calculus 
we just presented. The proof terms for the right focus judgement 
T h e : A consists of all of the introduction forms for the 
positive types. For the type 1, we have (}; for products A x B, 
pairs (e, e'); for sums A + B, the injections inl e and inr e; and 
the empty type 0 has no introduction form. There is an interesting 
interaction between the syntax and the typing judgement here; 
while the negative introductions u are included in the productions 
of the syntactic class e, the typing rule BlurR only permits us to 
use these at a negative type. (A similar story can be told for all of 
the other inclusions — of r in u, and t in r.) 

Negative introduction forms — that is, functions — are typed 
with the judgement T; A h u : A, and the proof terms are 
lambda-terms \p. u. Our lambda terms differ in two respects from 
the usual presentation of functions in the lambda calculus, one 
minor and one major. The minor difference is that we need no 
type annotation for the binder — this is because focused calculi 
are inherently bi-directionally typed. 3 The major difference is that 
instead of a variable binder Ax. u, we have a pattern as the binder 
for a function. This will be common to all the binding forms of our 
language, and is where most of the novelty of this calculus resides. 

The introduction rule for functions — >R moves the pattern from 
the proof term into the right-hand side of the pattern context A. 
The reason we say "right-hand-side" in particular is because the 
pattern context is an ordered context — we cannot make free use 
of the rule of exchange. So a context p : A,p' : B, A is considered 
to be different from a context p' : B,p : A, A. This is unlike the 
behavior of the ordinary variable context F, in which we identify 
permutations. Furthermore, instead of mapping variables to types, a 
pattern context assigns types to patterns — in the previous example 
p and p are schematic variables. 

The patterns themselves range from the familiar to the unfamil- 
iar. We have a variable pattern x, unit pattern (}, and pair patterns 
(p,p'), which all match the syntax of patterns from ML. However, 
we depart quite radically from ML when we reach the case of sum 
patterns. A pattern for a sum type A + B is a pattern [p \ p], which 
can be read as a pattern p for the left branch, and a pattern p' for 



3 Concretely, the typing judgements form a well-moded logic program. All 
of the judgements take the contexts and proof terms as inputs. Bidirection- 
ality arises from the fact that the type argument is an output of the r > t : A 
judgement, and an input of all of the others. 



STLC 


Focused STLC 


abort(t) 


case(t,[] => []) 


case(t, xi. ti, x. (2) 


case(t, [m | x 2 ] => [ti | t 2 ]) 


letunit () = t in t' 


case(t, (} => t') 


letpair (x, y) = t in t' 


case(t, (x, y) => t') 


let x = t in t' 


case(t, x => t') 



Figure 1. Traditional and Focused Eliminations 



the right branch. This choice deviates from the ML practice of hav- 
ing separate patterns for each constructor, but it has the benefit of 
ensuring that a well-typed pattern will always be complete. 

After decomposing all of the implications, we have a pattern 
context A and an arm r. Now, we come to the reason why the 
context must be ordered. Patterns and arms are separate: patterns 
live in the pattern context on the left of the turnstile >, and the 
body of the proof term, r, carries the arms. So we must regard A as 
an ordered context to track which branches of a sum-pattern [p \ p'] 
correspond with which arms [r \ r']. This can be seen in the sum 
elimination rule +L — given a pattern hypothesis [p | p'\ : A + B 
at the left-most end of the context, and an arm body [r | r'\, we 
break it down into two premises, one of which uses the pattern/arm 
pair p : Air, and the other of which uses p' : Blr 1 . If we were 
free to permute the pattern hypotheses, then we would lose this 
correlation. 

As an aside, note that functions, as inhabitants of the negative 
type A — ► B, are only bound with variable patterns. So the struc- 
ture of the sequent calculus naturally precludes decomposing func- 
tions with pattern matching, showing that this is not an ad-hoc re- 
striction. Furthermore, each variable in a pattern becomes a distinct 
addition to the context T, so repeating variables does not require 
their equality; it will shadow them instead. So the linearity restric- 
tion on ML-style patterns can be seen as a restriction that forbids 
patterns that shadow their own bindings. 

After decomposing all of the pattern hypotheses, we can either 
apply a function with the FocusL rule, or we can apply a function 
and case analyze the result with the FocusLP rule. The proof 
term of the FocusLP rule is case analysis, and this offers us 
an opportunity to examine how the pattern elimination compares 
with the traditional elimination constructs for sums and products. 
In Figure 1, we give a table with the traditional eliminator on the 
left, and the focused elimination on the right. Observe that we have 
an elimination form for the unit type — this is in analogy to the 
elimination for the type 1 in linear logic, which is the unit to the 
tensor A C8> B. 

Since the syntax of patterns allows nesting, we can also express 
case expressions like the following SML expression: 



case t of 

(Inl x, Inl u) 
I (Inr y, Inl u) 
I (Inl x, Inr v) 



I (Inr y, Inr v) 
in our focused calculus: 

case(t, {[x I y], [u \ v]) 



> tl 

> t2 

> t3 

> t4 



[[ti I t 2 ] I [t 3 I U]]) 



Instead of writing a series of four disjuncts, we write a single 
pattern ([x | y], [u \ v]), which is a pair pattern with two sum- 
patterns as subexpressions. The ordering in our context means that 



the nested arm [[ti \ £2] | [£3 | £4]] will be decomposed by the left- 
hand sum-pattern [x | y], yielding either [ti j £2] or [£3 | £4], and 
then the result will be decomposed by the right-hand sum-pattern 
[u I 11]. In other words, it is also possible to see this pattern calculus 
as a shorthand for writing nested case statements. 

2.3 From Sequent Calculus to Programming Language 

All of the well-typed terms of this language are in /3-normal, jy-long 
form. This property is enforced by the rules to transition between 
the judgements, which limit at which types they can be applied. For 
example, the BlurR rule only allows departing the right positive 
judgment at a function types, which means that a tuple containing 
a function component must have it as a lambda-abstraction. 

This restriction is extremely useful in a type theory intended for 
proof search, since this means that the system is cut-free. However, 
the Curry-Howard correspondence tells us that evaluation of func- 
tional programs corresponds to the normalization of proofs. There- 
fore, we must add the Cut rule back into the calculus in order to 
get an actual programming language. This introduces non-normal 
proofs into the calculus, whose corresponding lambda terms are 
non-normal forms that we can use as programs that actually com- 
pute results. 

To write 77-short terms in our langauge, we relax the restrictions 
on how long we retain focus and how far we decompose invertible 
types. We allow hypotheses of arbitrary type in T, and relax the 
BlurR, BlurL, FocusR, FocusL and FocusLP rules so that they ac- 
cept subterms at any type A, rather than just at positive or negative 
types. Then, to allow non /3-normal terms, we add a type-annotated 
term (e : A) (with rule ANNOT), which permits normal forms to 
appear at the heads of case statements and function applications. 
We also introduce a notion of value for our language suitable for a 
call-by- value evaluation strategy, with strict sums and products and 
no evaluation under lambda-abstraction. 



pi, and then do another pattern substitution on the result, matching 
vi against p2- When we reach a sum-pattern [pi | P2], we decide to 
take either the left branch or the right branch depending on whether 
the value is in I v or in r v. Finally, when we reach a variable pattern, 
we substitute the value for the variable. Since variables are in the 
category of negative focus terms t, we wrap the value in a type 
annotation (v : A) to ensure that the result is type-correct. 

This definition of pattern substitution that satisfies the following 
principle: 

Proposition \.lf-\-v-.A, then: 

• IfT;p : A, A h u : C, and R {{v/p)) A u ^ u , then V; A h 
u' : C. 

• IfT;p : A, A E> r : C, and L ((v/p)} A r r', then Y; A E> r' : 
C. 

If we have a value v of the appropriate type, and a well-typed 
term r in a pattern context with p at the leftmost end, then if the 
pattern substitution relation relates r tor' , we can deduce that r' is 
well-typed in the smaller pattern context. The following definition 
of pattern substitution satisfies this principle: 

As an aside, it is evident that these rules define a relation that 
is syntax-directed and total. So it appears we could have defined a 
pattern substitution function instead of using a more syntactically 
heavyweight judgement. However, later on we will need to relax 
this condition, so we present pattern substitution as a relation from 
the beginning. 

Equipped with an understanding of what pattern substitution is, 
we give the operational semantics below, with mutually recursive 
reduction relations for each of the syntactic categories. The only 
novelties in this semantics are that we use pattern substitution in- 
stead of ordinary substitution when reducing function applications 
and case statements, and that there is an extra rule to discard redun- 
dant type annotations. 



Negative Elims t 
Values v 



x I (e : A) I t e 

(} I (v,v') I inl v I inr v \ Xp. u 



ei 



e2 1 



e 2 



(ei,e 2 > 1 



(ei,e 2 ) 



(vi,e 2 ) 



(vi,e' 2 ) 



T h e : A 
T > (e : A) : A 



ANNOT 



Now, we need to explain what substitution means for our pattern 
context. Intuitively, the pattern associated with each hypothesis 
should drive how values are decomposed, an idea we formalize with 
the following relations: 



L (WP»A r ' 



R ((v/p)) A \p'.u^ Xp'.u' 



L (Wp))A r ^ r ' 
R ((v/p)) A r^r' 



L {{v/x)) A r^[(v:A)/x]r L ({{)/()))i r - r 

L ((vi/Pi)) Al r ^ r> L fe/p 2 )) A2 r' ^ r" 
L {{{vi,v 2 ) I <Pl,P2») AlXA2 r ^ r" 

L (Wpi)) A r i r ' 

L ((inl v/[pi I p 2 ]» A+s [ri I r 2 ] ^ r' 

L i v /P2)) B r 2 ^ r ' 

L «inr v/[pi I p 2 ]»A+s I r i I r 2] r' 
These rules match a value against a pattern, decomposing the 
value. When we reach a pair pattern (pi,P2), we decompose the 
value (t>i,t>2) into two pieces, and sequentially match vi against 



inl e h 



inl e' 



case(t,p => r) h^ pl case(t',p => r) 

L ((v/p)) A r^r> 



(v:A)^ PL v case((v : A),p=> r) h^ pl r' ten NL i'e 



(v.A)e ^ NL (v : A) e' (e : A) i-» NL (e' : A) 

K((v/p)) A u^u' 
(Xp. u:A^B)v («' : B) 

This semantics validates the usual progress and preservation 
theorems. 

PROPOSITION 2 (Type Soundness). This language is sound. 

• Progress holds: 

1. If '■ h e : A, then e i-^ PR e or e is a value v. 

2. If ■; ■ h u : A, then u i-^ NR u or u is a value v. 

3. If •; • > r : A, then r ^ PL r' or r is a value v. 

4. If->t:A, then t >-^ NL t' or t is a term (v : A). 

• Type preservation holds: 

1. If '■ h e : A and e ^ PR e', then ■ h e' : A 

2. If h u : A and u i-^ NR u , then •; • h v! : A 



3. //•;•> r 
4.If->t:A andt 



A and r i-^ PL r', then •;•> r' : A 
NL t', then -hi' :A 



BOT 



3. From ML Patterns to Focused Patterns 

While our language is very pleasant theoretically, it is not yet ade- 
quate to fully explain ML pattern matching. Consider an example 
from SML like: 



case e of 

(Inl x, Inl u) => el 

I w as (Inr _, Inr _) => e2 

I z => e3 



This small example is doing quite a few things. First, it uses 
wildcard patterns and as-patterns, which have no analog in the pat- 
tern language we have described so far. Second, this example relies 
on implicit priority ordering — we expect the first two patterns to 
be tested before the last. This is what ensures that even though the 
variable pattern z (in the third clause) matches anything on its own, 
it will only serve as a catch-all. 

To explain as-patterns and wildcards, we will extend the lan- 
guage of patterns with the patterns T (for wildcard) and the and- 
pattern p hp' . We extend the typing rules and pattern substitution 
relation below. 



T; A > -/ 



T;T : A, A >r : B 



Top 



T;p : A,p' : A, A > r : B 
T; p A p' : A, A > r : B 



AND 



L <WT» A r. 



L ((v/Pi)) A r^r' L ((v/p 2 )) A r' ■ 
L {{v/px Ap2» A r r" 



We can introduce a wildcard or and-pattern at any type. The 
typing rule TOP requires that the term be well-typed without the 
wildcard hypothesis, and the rule AND for the and-pattern p A p 
requires that we be well-typed in a context with both p and p' 
pattern hypotheses. If we erase the proof terms from the rules, we 
see that the rules for these two patterns have a very clear logical 
interpretation: the rule TOP rule is the rule of weakening, and the 
AND rule is the rule of contraction. 

The pattern substitution for the T pattern simply throws away 
the value and returns the arm unchanged. The and-pattern p\ A pi 
matches v against pi, and then matches it a second time against p 2 - 

However, we are no closer to the goal of being able to account 
for the priority ordering of conventional pattern matching. Looking 
once more at the example at the start of this section, it is clear that 
when we interpret the third clause — the pattern Z — we must 
also have some way of saying "match Z, but not if it matches the 
first or second clauses". If we had some sort of negation operation 
on patterns, we could express this constraint, if we interpreted the 
ML pattern Z as the focused pattern z A -i[(Inl x, Inl u)]A 
-i|(y as (Inr _, Inr _))]. Here, we use negation to indicate 
an as-yet-undefined pattern negation, and the semantic brackets 
to indicate an as-yet-undefined translation of ML patterns into 
focused form. The idea is that we want a pattern that is z and not 
the first clause, and not the second clause. 

To make this possible, we start with the wildcard T and and- 
pattern p A p' patterns, and add their duals to the language of 
patterns. That is, we add patterns _L and p V p' to our pattern 
language. 



r ; _L : A, A >_L : B 
T;p: A,A>r : B T; p' : A, A > r' : B 



T;pVp' : A, A>rVr' : B 
L ((f /Pi» A r l r ' L {{v/P2)) A r 2 



OR 



L ((v/pi V P2» A r\ V r 2 



L (W/>1 V P'i)) a r l V r 2 ' 



Patterns p 
Arms r 



I -L | pVp' 
| ± | rVr' 



The intended semantics of the false-pattern _L is guaranteed fail- 
ure — just as T matches successfully against anything, _L will 
successfully match nothing. This semantics is given by not giv- 
ing a rule for _L in the pattern substitution judgement, which en- 
sures there is no way for a false pattern to match. Likewise, when 
we match a value against the or-pattern p V p', we will nondeter- 
ministically choose one or the other pattern to match against. To 
implement this semantics, we give two rules in the pattern substi- 
tution judgement for or-patterns, one corresponding to taking the 
left branch and one for the right. So pattern substitution may now 
be undefined (if a false pattern appears), or it may give multiple 
results (if an or-pattern appears), revealing why we defined it in 
relational style, as a judgement. 

The OR typing rule says that pV p' typechecks if the left-hand 
pattern p typechecks against the left-hand arm r, and the right- 
hand pattern p' typechecks against the right-hand arm r' . Despite 
the name, this pattern form is much more general than the or- 
patterns found in functional programming languages - neither is 
there a requirement that the two patterns bind the same variables, 
nor do the two patterns have to share the same arm. Instead, this 
pattern form is better compared to the vertical bar separating case 
alternatives pi — » ei I p 2 — » e 2 I ... I p„ ^ e„. 

The BOT typing rule says that _L is a valid pattern at all types. 
It is a syntactic marker for an incomplete pattern match: there is 
no way for any value to successfully match against it. As a result, 
the progress lemma fails when the _L pattern can be used without 
restriction (though type preservation still holds), because a false- 
pattern can be used to block reduction in a well-typed program. 
This is an intentional decision, made for two reasons. 

First, internalizing incompleteness as a form of type-unsafety 
makes it easy to prove the soundness of a coverage algorithm: we 
know that a coverage algorithm is sound if it is strong enough to 
make the progress lemma go through. Second, having false- and 
or-patterns allows us to define the complement of a pattern — for 
any pattern at a type A, we can define another pattern that matches 
exactly the values of type A the original does not. The negation 
operation has a very similar form to the de Morgan identities: 



,(> =± 

<P,P') =<T»,T>V(T,V> 

^0 = 0 

,[p I p'} = [^p I V] 

hT =± 

^(p A p') = -ip V -ip' 

i± = T 

t(P V p') = ->p A -ip' 



We can show that this definition is a genuine complement. 

PROPOSITIONS (Pattern Negation). // T;p : A, A [> ri : C, 

T'; -^p : A, A' [> r 2 : C , and ■ h v : A, then: 

* L i v /P)) A r l ^* r 'l 0r L (( V /p'))a r 2 ^ r> 2 

• It is not the case that there exist r[,r 2 such that L {{v/p)) A r\ <—* 
r' x and L ((v/^p)) A r2 r' 2 . 



So any value v will successfully match against either p or ->p, but 
not both. The proof of this theorem is a routine induction, but uses 
the deep operations defined in the next section. 

Now, we can explain how to interpret ML-style case statements 
in terms of focused pattern matching. Suppose we have a case 
statement with the branches gi — > ei| . . . g„ — > e„, where we 
write q for ML pattern expressions: 

ML Patterns q ::= x | () | (<j, q') | inl q | inr q 
_ | x as q 

First, we give a simple priority-free interpretation of each pattern, 
which defines the semantic brackets [g] used earlier to motivate our 
extensions to the pattern language: 



[<)] 

[<5i,«a>] 

[inl qj 
[inr qj 

[J 

{x as qj 



0 

<bi],b2]> 
IM I M 
l± I Ml 

T 

zA[q] 



Next, we translate a series of disjunctive ML patterns qi 
ei | . . . \q n — > e„ into a pattern/arm pair (p; r) as follows: 

translate^! — » ei | . . . \q„ — » e n ) = 

translate'((/i — > ei | . . . \q n — > e n ;T) 

translate'(-; neg) = (-L;_L) 
translate' (qi — » ei|g — » e; neg) = 



let pi = {qi} A neg 
let r'! = arm(pi; [ei])_ 
let (p;r) = translate' (<j 

(pi V p; ri V r) 



-.[gi] A neg) 



So <?i gets translated to [gi] A T, g2 gets translated to [g2] A 
-i[gr] A T, and so on, with all of the negated patterns being stored 
in the accumulator argument neg. We then disjunctively join the 
patterns for each branch. Likewise, to translate the ML term e\ to a 
pattern term n, we first need to find the translation of the term on 
its own (which we assume to be [ei]), and then "expand it" so that 
the sum- and or-patterns within pi can find the term [ei] where 
they expect to. We give the function to do this below: 

arm(-; r) = r 

arm(a;, ps; r) = arm (ps; r) 
arm((), ps;r) = arm(ps;r) 
arm((pi,p 2 > ,ps;r) = arm(pi, p 2 , ps; r) 
arm([], ps; r) = [] 

arm([p | p'],ps; [r | r']) = [arm(p, ps; r) | arm(p', ps; r)] 

arm(T, ps; r) = arm(ps;r) 

arm (p A p' , ps; r) = arm (p, p' , ps; r) 

arm(±, ps;r) = ± 

arm(p V p',ps; r) = arm (p, ps; r) V arm (p',ps; r) 

This function walks down the structure of its argument, repli- 
cating the or/sum structure of its pattern arguments with or/sum 
arms, and placing r at the leaves of this tree. (Unsurprisingly, this 
function exactly mimics the way that the left-inversion phase de- 
composes the pattern context.) 



4. Deep Operations on the Pattern Context 

In order to explain features like pattern compilation, we need to be 
able to manipulate and reorder the pattern context. For example, 
we would like to be able to simplify a pattern like [x \ _L] V [_L y] 
into a pattern like [x \ y\. However, the pattern context is ordered, 
in order to fix the order in which case analyses are performed. 
So theorems about manipulating patterns deep inside the pattern 
context must also have associated algorithms, which explain how 
to perform this restructuring. 



4.1 Deep Inversion and Deep Introduction Lemmas 

We begin by showing that it is admissible to decompose pattern 
hypotheses anywhere in the context. Each of these lemmas gener- 
alizes one of the positive left rules, allowing the decomposition of 
a pattern hypothesis anywhere within the pattern context. To save 
space, the lemmas are given in inference rule style, with the double 
line indicating that the top and the bottom imply each other. 



T,x : A; A, A' >r : C 
T;A,x : A, A' >r : C 



DVar 



T; A, A' &>r : C 
r ; A,<) : 1,A' >r:C 



Dl 



T; A pi : A llP2 : A 2 , A' > r : C 
r ; A, (pi,p 2 > : Ai X A 2 ,A' \>r : C 

r ; A,A'>r:C 
T;A,T : A, A' >r : C 

T; A,pi : A,p 2 : A, A' >r : C 



Dx 



DA 



T; A, pi Ap2 : A, A' > r : C 

These lemmas show that the inversion and introduction principles 
for variable, unit, pair, and and-patterns can be generalized to work 
deep within the pattern context are all admissible, and that doing so 
does not change the shape of the associated arm. 

Next, we generalize the introduction and inversion principles 
associated with the +L and VL rules, and say that it is admissible 
to apply left-rules for sums and ors deep within the pattern context. 
However, unlike the case for pair- and and-patterns, doing so does 
require substantially restructuring the arms, because we may need 
to go deep within the arms to ensure that the case splits in the 
proof terms still match the order in the context. As a result, we use 
auxilliary functions to restructure the proof terms appropriately. 



T; A, Pl : Ai, A' > OutWA; r) : C 
T; A,p 2 : A 2 , A' > Out^A; r) : C 
T; A,[p! | p 2 j : Ai + A 2 , A' \>r : C 



D+OUT 



r ; A, pi : A, A' > Out!^ (A;r) : C 
r ; A,p 2 : A, A' > Out^(A;r) : C 



DVOUT 



r; A, pi V P2 : A, A' >r : C 

T; A,pi : Ai, A' > n : C T; A,p 2 : A 2 , A' >r 2 : C 
T; A, [pi I p 2 ] : Ai + A 2 , A' > Join + (A; n;r 2 ) : C 

V; A, pi : A, A' >ri : C V; A,p 2 : A, A' > r 2 : C 



D+JOIN 



T; A,pi V P2 : A, A' > Join v (A;ri;r 2 ) : C 



DVJOIN 



In the DVJOIN and D+JOIN rules, we use the functions Join v and 
Join+ to properly combine the two arms ri and r 2 . Here is the 
definition of the Join + function: 

Join + (-;ri;r 2 ) = [ri | r 2 ] 

Join+(x : A, A; ri ; r 2 ) = Join_|_ (A; r\ ; r 2 ) 

Join+(() : l,A;ri;r2) = Join-|- (A; r\ ; r 2 ) 

Join + ((pi,p 2 > : Ai X A 2 ,A;r 1 ;r 2 ) = Join + (pi : Ai,p 2 : A 2 , A;n 
Join + ([] : 0, A; n;r 2 ) = [] 

Join+([pi | p 2 ] : A + B, A; [r[ \ r'{]; [r' 2 \ r 2 ']) = 

[Join+(pi : A, A; r\;r' 2 ) \ Join+(p 2 : B, A; r"; r 2 ')] 
Join+(T : A, A; r\ ; r 2 ) = Join_|- (A; r\ ; r 2 ) 

Join+(pi A P2 : A, A; n; r 2 ) = Join+(pi : A,p2 : A, A; n; r 

Join + (± : A, A; r x ; r 2 ) =± 
Join+(pi V p 2 : A, A; r[ V r'{; r' 2 V r 2 ') = 

Join+(pi : A,A;ri;r 2 ) V Join+(p 2 : a, A; r"; r 2 ) 

This function walks down the structure of the pattern contexts, 
destructuring the arms in lockstep (and hence their proof trees), 
until it reaches the leaves of the derivation, where the goal patterns 
are at the leftmost position. Then it simply puts the two derivations 
together according to the +L rule. Note that this function definition 
is apparently partial — when the head of the context argument 



A is a sum pattern [p \ p'] or an or-pattern p V p', then both of 
the term arguments must be either sum-case bodies [r \ r'\ or 
or-pattern bodies r V r' respectively. However, well-typed terms 
always satisfy this condition. (The definition of Join v is similar; 
the only difference is that the base case becomes Join v (•; ri ; r 2 ) = 
ri V r 2 .) 

Likewise, the D+OUT rule shows that we can take apart a term 
based on a case analysis it performs deep within its arm. The OutL 
function walks down the structure of the context to grab the correct 
branch of the case at each leaf: 



ri 

Out^(A;r) 
0<(A;r) 

Outh (pi : A±,p 2 : A 2 , A;r) 



Outij_(-; [n | r 2 ]) 
Out^(x : A, A; r) 
Out!j_((> : 1, A;r) 
Out!j_((pi,p2> : A 1 x A 2 , A;r) 
OutV(D:0,A;r) =[] 
Out L + ([ Pl | pa] : A 1 + A 2 , A; [n | r 2 ]) = 

[Outij_(pi : A u A;n) | Out^(p 2 : A 2 ,A;r 2 )] 
Out^(T : A, A; r) = Out!j_(A;r) 

Out^_ (p! A p 2 : A, A; r) = Out\_ (pi : A, p 2 : A, A; r) 

Out+(± : A, A; r) =± 
Outh(pi V p 2 : A, A; n V r 2 ) = 

Out|j_(pi : A, A;n) V OutY(p 2 : A, A;r 2 ) 

The other Out projections are identical, except with differing 
base cases as follows: 

Out'J.O; [n |r 2 ]) = r 2 
Outv(-;n Vr 2 ) = n 
Out v (-;n Vr 2 ) = r 2 

Finally, we have generalized rules for the 0 type and false- 
pattern. 

; DO 

T; A, [] : 0,A' >Abort 0 (A) : C 

DJ_ 



r ; A, ± : A, A' > Abort ± (A) : C 

As expected, there are associated functions to ensure that an abort 
or a _L occurs at every leaf of the proof tree: 

Aborto(-) = Q 

Aboito(a; : A, A) = Aborto(A) 

Abort,, (<} : 1, A) = Abort,, (A) 

Abort 0 ((pi,P2> : Ai x A 2 , A) = Abort 0 (pi : Ai,p 2 : A 2 , A) 
Abort,, (0 :0,A) = [] 

Abort 0 ([pi | pa] : A, + A 2 , A) = 

[Abort(,(pi : Ai, A) | Abort 0 (p 2 : A 2 , A)] 
Abort,, (T : A, A) = Abort,) (A) 

Abort,) (pi Ap 2 : A, A) =Abort 0 (pi : A,p 2 : A, A) 

Abort,) (± : A, A) =± 
Abort,) (p! Vp 2 : A, A) = 

Abort,) (pi : A, A) V Abort,) (p 2 : A, A) 

Abortx(A) is similar, with the first case returning _L. 
4.2 Coherence of the Deep Rules 

The deep inversions let us destructure terms based on a pattern hy- 
pothesis anywhere in the pattern context, and the deep introductions 
let us re-construct them. Beyond the admissibility of the deep inver- 
sion and introduction rules, we will need the following coherence 
properties: 

PROPOSITION 4. The following equations hold for all A, r, ri, r 2 

• Join v (A; n; r 2 ) = r if and only if n = Outy (A; r) and 
r 2 = Outv(A;r), 

• Join + (A; n; r 2 ) = r if and only if n = Out^(A;r) and 
r 2 = Out+(A;r), 

• IfT; A, [] : 0, A' r> r : C, then r = Abort,, (A), 

• IfT- A, _L : A, A' > r : C, then r = Abort x (A). 



These properties give us a "round-trip" property — if we take 
a term apart with a deep inversion and put it back together with 
a deep introduction (or vice-versa), then we get back the term we 
started with. In addition to this, we will need some lemmas that let 
enable us to commute uses of Join and Out. 

PROPOSITION 5. For all 0 £ {+, V} and d e {L, R}, we have: 

• r' = Out d v (A; Out d ^ (A, Pl V Pr : A, A'; r)) iff 
r' = Out^(A,p d : A, A';Out d (A;r)). 

• r' = Out^(A,p L Vp R : A, A'; Join v (A; n;r 2 )) iff 

r' = Join v (A;Out d ffi (A,p L : A, A'; n); Out^(A,p R : A, A';r 2 )) 

• r' = Out d / (A;Join e (A,p L Vp R : A, A'; n; r 2 )) iff 
r' = Join ffi (A,p d : A, A'; Outy (A; ri); Outy (A; ra)) 

• r' = Join ffl (A,p L V p R : A, A'; Join v (A; r 1 ;r[); Join v (A; r 2 ;r' 2 )) 
iffr 1 = 

Join v (A; Join e (A,p L : A, A'; ri; ra); Join©(A,p R : A, A'; r^; r' 2 )) 

In addition to these equalities, we have another four similar 
cases where the V-functions are replaced with +-functions. The 
net effect of these equalities is that we can use the deep inversions 
and introductions in any order, with the confidence that the order 
will not change the final result term — we get the same result term 
regardless of the path to its construction. 

4.3 Deep Exchange and Substitution 

Since reordering the pattern context corresponds to doing case 
splits in different orders, it seems intuitively clear that reordering 
the pattern context should give rise to a new proof term that is in 
some sense equivalent to the old one. To make this idea precise, 
we do three things. First, we prove that the rule of exchange is 
admissible for the pattern context. Second, we extend the notion of 
pattern substitution to include substitutions deep within the context, 
and not just at the leftmost hypothesis. Finally, we show that if 
we get the same result regardless of whether deep substitution 
follows an exchange, or preceeds it, which justifies the intuition 
that moving the pattern hypothesis in the ordered context "didn't 
matter". 

4.3.1 Exchange 

Proposition 6 (Exchange). If V; A, p : A, A', A" > r : C 
holds, then we have V; A, A', p : A, A"l>Ex(A;p : A; A';r) : C. 

Here, we assert that if we have a derivation of T; A, p : A, A',A"|> 
r : C, then we can move the hypothesis p : A to the right, past the 
assumptions in A'. The proof term naturally gets altered, and so 
we must give a function Ex which computes the new arm. 

Ex(A;:r : A; A';r) = r 
Ex(A; (} : 1; A';r) = r 
Ex(A; (pi,p 2 > : Ai X A 2 ; A';r) = 

let r' = Ex(A;pi : Ai;p 2 : A 2 , A';r) 

Ex(A;p 2 : A 2 ; A',pi : Ai;r') 
Ex(A; [] : 0; A'; r) = Abort 0 (A) 
Ex(A;[pi | pa] : Ai + A 2 ;A';r) = 

let r[ = Ex(A;pi : Ai; A'; Outh (A; r)) 

let r' 2 = Ex(A;p 2 : A 2 ; A'; Out^(A; r)) 

Join + (A, A'; r\\r' 2 ) 
Ex(A;T : A; A';r) = r 
Ex(A;pi Ap 2 : A; A';r) = 

let r' = Ex(A;pi : A;p 2 : A, A';r) 

Ex(A;p 2 : A; A',pi : Ai;r') 
Ex( A; ± : A; A' ; r) = Abort x (A) 
Ex(A;pi Vp 2 : Ai + A 2 ; A';r) = 

let r[ = Ex(A;pi : Ay, A'; Out v (A; r)) 

let r' 2 = Ex(A;p 2 : A 2 ; A'; Out v (A; r)) 

Join v (A, A'; ri;r 2 ) 



This function is inductively defined on the structure of the 
pattern argument p, and it uses the deep inversion principles (and 
their associated functions Out) to break down the derivation for the 
recursive calls, and it uses the deep introduction functions (and their 
associated functions Join) to rebuild the arm for the new pattern 
context. 

4.3.2 Deep Substitution 

The statement of the deep pattern substitution lemma is a straight- 
forward generalization of the substitution principle for the pattern 
context: 

Proposition 7. //• I- v -. A, and F; A,p : A, A' i> r : C, and 

L {{v/p))a t ^ r '> then r ; A > A' > r' : C. 

Of course, we need to define deep pattern substitution. In the 
definition below, note that it is nearly identical to the ordinary 
pattern substitution — we simply index the relation by A, and use 
the Join* and Out* functions in the place of the [■ | ■] and • V • 
constructors. 

r-*[(»:A)/z]r L «(>/<>»f r ^ r 

^l/riV^ L ((v2/P2))i 2 r'^r" 
L (((t>i,t>2} / <Pi,P2»)i lX A 2 r <-> r" 

L (W Pl ))i(OutV(A;r))^r' L (Wp 2 ))j (0<(A; tj) ^ r' 
L ((inl v/]pi | P2]))a+b r^r' L ((inr v/\pi \ P2]))a+b r ^ r ' 

L (Wpi))*r^r' L (WK^r'^r" 

L «»/T))>Mr L ((i,/pi Arf^r^r" 

L (W Pl ))i(OutUA;r))^/ L (W P2 ))^ (Out^(A; tj) ^ r' 
L ((v/ Pl V p 2 »A r ^ r ' L (Wpi V p 2 »^ r <-+ r' 



4.3.3 Permuting Substitution and Exchange 

Now, we can show that we can permute the order in which we 
do substitutions and exchanges. That is, we want to show that 
if we substitute a value for a pattern in a context after doing an 
exchange, we get the same result as performing the exchange, and 
then substituting into the permuted context. We end up with four 
cases to this lemma, depending on whether the target hypothesis of 
the exchange is to the right of the hypothesis to be substituted, the 
pattern to be substituted itself, or is a hypothesis to the left of the 
substitution target. For clarity, we write these lemmas in inference 
rule style, putting the premises above the line and the conclusion 
below. In the following two cases, we assume • h v : A: 

L (WP»A r ^ r ' T; A,p : A,A',p' : B, A" > r : C 
L (WP»A Ex(A,P : A, A';p' : B; A"; r) ^ Ex(A, A';p' : B; A"; r') 

L ((v/p))%r^r' r;A,p:A,A',A">r:C 

L ((v/ P ))a' A ' Ex(A;p:A;A';r)-r' 

In the first case, we exchange the position of a hypothesis to the 
right of the substitution target, and in the conclusion we see that 
performing the substitution on the exchanged term yields the same 
result as performing exchange on the substitutand. In the second 
case, we see that exchanging the target of a substitution does not 
change the result. 



In the next two cases, we assume that • h v : B: 
L ((v/p'))b ,P:A ' A '' A " r^r' T;A,p: A, A',A",p' : B, A'" > r : C 
L (("/p'))b' A ' P:A ' A " Ex ( A 'P ; A;A';r) — Ex(A;p : A; A';r') 
L ((»/p')>b P:A,A '^ r' T; A,p : A, A',p' : B, A", A'" > r : C 
L (( v /p'))b' A ' Ex(A;p : A; A',p' : B, A"; r) ^ Ex(A;p : A; A', A"; r') 
In the third case, the target of the exchange is to the left of the 
substitution target, but is not exchanged past it. In the fourth case, 
the exchange target is to the left of the substitution target, and the 
action of the exchange moves it to the right of the substitution 
target. 

Proving this commutation involves proving it for Out and Join, 
and then working up. 

4.3.4 Discussion 

In this section, we have stated numerous technical lemmas. The rea- 
son for going into this level of detail is to illustrate that the overall 
structure of the metatheorems 1) is extremely regular and 2) con- 
sists of statements of familiar logical principles. The only thing that 
makes these lemmas differ from the corresponding lemmas for the 
sequent calculus formulation is that we have to explicitly manage 
the proof terms. Even so, we can see the algorithms as nothing more 
than the constructive content of the proofs showing the admissibil- 
ity of principles like inversion, introduction, exchange and substi- 
tution. When we use these algorithms as subroutines to implement 
coverage checking and pattern compilation, we will be able to see 
exactly how directly they depend on logical proof transformations. 

5. Coverage Checking 

In order to get useful answers out of the machinery of the previous 
sections, we first need some good questions. One question is the 
question of coverage checking — how can we ensure that a pattern 
match against a value will always yield a unique result? 

This is an interesting question because the pattern language we 
have introduced does not always answer these questions in the 
affirmative. For example, the pattern [x \ J_] A [J_ | y] will never 
match against any value, and likewise, the pattern x V (T,y) can 
match in two different ways. 

So we must find out how to check whether the pattern substitu- 
tion relation defines a total function for a particular pattern. Since a 
relation is functional when it is total and it has only one output for 
each input, we will define judgements to track both of these con- 
ditions. We begin with the judgement p det A, which should hold 
whenever there is at most one way any value of type A can match 
against the pattern p. 



p det A 



pi det Ai p2 det A2 
x det A [] det 0 [pi | P2] det Ai + A 2 () det 1 

pi det Ai P2 det A2 pi det A P2 det A 

(pi,P2) det A\ x A2 T det A pi A P2 det A 

pi det A P2 det A Pi,P2 fail A 
_L det A pi V P2 det A 

This judgement inductively follows the structure of the pattern, 
asking only that each pattern's sub-components are deterministic, 
until it reaches the case for the or-pattern p V p' . This is the 
difficult case, because both p and p' might be deterministic, but 
the combination might not be. For example, consider the pattern 



x V T. Each half is trivially deterministic, but because there are 
values that can match either pattern, the or-pattern as a whole is not 
determinate. 

If we knew that there were no values that could match both pat- 
terns, then we could know the whole pattern covers. To determine 
this, we introduce the judgement pi, . . . ,p n fail A, which holds 
when no value v of type A can match against all of the patterns pi. 
Now, we call out to pi , P2 fail A to establish the premise of the or- 
pattern case — we believe pi V P2 det A when we know that there 
is nothing in the intersection of pi and p2. We give the definition 
of ~p fail A itself below: 



~p fail A 



Pi,pS fail A 



Pi,p,p' ,P2 fail A 



Pi, T,p2 fail A P~t,P A p',p2 fail A pi, _L, p$ fail A 

pi, p, P2 fa\\ A Pi,p',p~2 fail A 



Pi,P Vp'.pS fail A 



Pi,p 2 fail A 
pi,x,p~2 fail A 



p{ fail Ai pS fail A 2 



[] fail 0 



pi fail Ai 



[pi I p 2 ] fail Ai + A 2 
P2 fail A 2 



(pi,p 2 > fail Ai x A 2 



(pi,p 2 > fail A 1 x A 2 



Furthermore, we can use the fact that we have a syntactic negation 
on patterns to turn our failure judgement into a coverage judgement. 
That is, if ^p fail A, then we know that p must match against all 
values of type A — which is precisely what we require of coverage! 

(-ip) fail A 
p covers A 

Now, we can make these informal claims precise, and show the 
soundness of these judgements. 

PROPOSITION 8 (Failure). If we have derivations 

• pi,. . . ,p n fail A 

• r; A, pi : A, ...,p n : A, A' > n : C, 

• • h v : A 

then it is not the case that there exist r 2 , . . . , r n+ i such that for all 
i€{l,...,n}, L ((v/pi))^ n r i+ i. 

The proof of this statement is via an induction on the failure 
judgement, and in each case we make use of the deep operations 
defined in the previous section. 

The most interesting case of the proof is when we reach the 

rule for decomposing a set of pair patterns (pi,p 2 ). In this case, 
we need to make use of the lemmas that allow us to commute ex- 
change and substitution — we begin with a context in the form 
A, (pi,p 2 ) : A\ x A2, A'. Inversion lets us rewrite the context to 
A, pi : j4i,p 2 : A2, A'. Then, we use exchange to transform it into 
the form A,pi : A±,p2 : A2, A', and appeal to the induction hy- 
pothesis. This gives us enough evidence to construct the refutation 
we need only because we can reorder a series of exchanges and 
substitutions without changing the final result. 

PROPOSITION 9 (Coverage). If we have derivations ■ h v : A, 
p covers A, and F; A,p : A, A' [> r : C, then L ((«/p})a r ^ r ' ■ 

This is an immediate consequence of the soundness of the 
failure judgement, and the semantics of pattern negation. 



PROPOSITION 10 (Determinacy). If we have derivations 

• ■ h v : A, 

• p det A, 

• r ; A,p : A, A' > r : C, 

• Di :: >/p»*r^/, 

then if D 2 :: L «iVp»a' 



r", we know D\ = £> 2 . 



We write D :: L {{v/p))% 



r' to indicate that we want 
to consider a particular derivation D of the pattern substitution of 
v into p. This means that our determinacy judgement ensures that 
there is at most one way to perform a pattern substitution for each 
value. 

We can now recover the progress lemma, by changing the rules 
governing the introduction of pattern hypotheses: 

F; A,p : Ah u : B p covers A p det A 

F; A h Ap. u : A -> B ~* 

r > t : A F; p : A > r : B p covers A p det A 

— FOCUSP' 

F; ■ > case(t,p => r) : B 

PROPOSITION 1 1 (Progress, Redux). We have that: 

1. If '• h e : A, then e i-^ PR e' or e is a value v. 

2. If •; • h u : A, then u k^ nr u or u is a value v. 

3. If •;•> r : A, then r i-^ PL r' or r is a value v. 

4. If->t:A, then t >-^ NL t' or t is a term (v : A). 

Finally, while we are discussing coverage, it is worth pointing 
out that the failure judgement also allows us to detect redundant or 
useless patterns, during the translation of ML patterns to focused 
patterns. As we compile each arm, we can check to see if the arm 
conjoined with the negation of its predecessor pattern fails, and if 
so, we know that the arm is redundant, and can signal an error. 

6. Pattern Compilation 

6.1 What Is Pattern Compilation? 

If we implemented the focused pattern calculus in a naive way, 
we would observe that there are several inefficiencies in the pat- 
tern substitution algorithm, arising from and- and or-patterns. And- 
patterns p A p can force the same value to be destructured mul- 
tiple times. For example, a match of a value v against the pattern 
[x I y] A [if I v] will result in v being destructured twice — once 
to determine whether to take left or right branch for the pattern 
[x I y], and again to determine whether to take the left or right 
branch for [u \ v] . This is redundant, since one test suffices to es- 
tablish whether v is a left- or right-injection. 

Likewise, or-patterns can also introduce inefficiency, because 
their naive implementation is via backtracking — when a value v 
is matched against a pattern pi V p 2 , we will try to match pi and 
if it fails, try matching p 2 . This can result in repeated re-tests if 
the cause of the failure is deep within the structure of a term. For 
example, suppose we match a value of the form inl inl v' against a 
pattern like [[_L T] | T] V [[T | _L] _L] . Here, a naive left-to-right 
backtracking algorithm will case analyze two levels deep before 
failing on the left branch, and then it will repeat that nested case 
analysis to succeed on the right branch. 

To avoid these inefficiencies, we want a pattern compilation 
algorithm. That is, we want to take an otherwise complete and 
deterministic pattern and arm, and transform them into a form that 
does no backtracking and does not repeatedly analyze the same 



term, and whose behavior under pattern substitution is identical to 
the original pattern and arm. 

We can state this constraint by restricting our language of pat- 
terns to one in which 1) failure and or-patterns do not occur, and 2) 
the only use of conjunctive patterns is in patterns of the form x Ap. 
The first conditions ensures that pattern substitution will never fail 
or backtrack, and the second condition ensures that and-patterns 
can never force the re-analysis of a term, since a variable pattern 
can only trigger a substitution. The target sublanguage of patterns 
is given in the following grammar: 

c ::= x | () | ( Cl ,c 2 > | [] | [ Cl |c 2 ] 
T j x A [ci j c 2 ] | x A (ci,c 2 ) 

Observe that a restricted pattern c corresponds to a series of primi- 
tive let-bindings, pair bindings, and case statements on sums, each 
of which corresponds to a form in the usual lambda calculus. 

So we can formalize the pattern compilation as asking: is there 
an algorithm that can take a complete, deterministic pattern p with 
arm r, and translate it into a pattern c (with arm r'), such that for 
all v, if L ((v/p)) A r r" if and only if L ((v/p}} A r' ^ r"? 

6.2 The Pattern Compilation Algorithm 

We give a pattern compilation algorithm in Figure 2, which takes 
two arguments as an input. The first is a pattern context A. This 
argument will be used as the termination metric for the function, 
and will get smaller at each recursive call. It also constrains the type 
of the second argument. The second argument is a set S of pairs, 
with each pair consisting of a row of patterns g» and an arm r. Each 
row's pattern list is the same length as the metric argument, and the 
ra-th pattern in the pattern list is either T or the same pattern as the 
n-th pattern in the metric list A. Additionally, this set satisfies the 
invariant that for any sequence of values Vi : Ai of the right types, 
there is exactly one element of S for which all of the Vi can succeed 
in matching its qi. 

The set S is related to the matrix of patterns found in the 
traditional presentations of pattern compilation. We only need a 
set instead of an array, because our alternation operator p V p' is 
a form of non-deterministic choice. However, this also means we 
need the extra invariant that there is only one matching row for any 
value, because we have no ordering that would let us pick the first 
matching row. 

With this description in mind, we can state the correctness 
theorems below: 

PROPOSITION 12 (Soundness of Pattern Compilation). If we have 
that 

• A = pi : Ai, . . . ,p n : A n 

• S is a set of pairs such that for every (p[, . . . ,p'„;r') G S, 
Pi G {Pi,T}, andr;p[ : Ai,. .. ,p' n : A n , A' > r' : C 

• For all vi : Ai, . . . , v„ : A n there exist (p[, . . . , p' n ; r[) G 
S such that there exist r' 2 . . . r' n+1 such that for all i G 

{1-.4. l (WpO),/1-4i- 

• (ci, . . . ,c„;n) = Compile(A; S) 
then it holds that 

• T; a : Ai, . . . , c„ : A n , A' [> r[ : C, and 

• For all Vi : Ai , . . . , v„ : A n , if there exists a unique 
(p[ , . . . , p' n ; n ) G S, such that there exists a unique r 2 , . . . , r n +i, 
such that for all 1 < i < n, l {{vi/p'i)) A r'i r' i+1 , then there 
exist r 2 . . . r n +i such that for all 1 < i < n, L ((«; /c,)) A r» 

r i+ i andr n +i = r' n+1 . 

PROPOSITION 13 (Termination of Pattern Compilation). If we have 
that 

• A =pi : Ai, . . . ,p n : A n 



• S is a set of pairs such that for every (p[, . . . ,p' n ;r') G S, 
p'i G {p t ,T}, andY;p\ : Ai, . . . ,p' n : A n , A' E> r' : C 

• For allvi : Ai , . . . , v„ : A n there exists a unique (p[ , . . . , p' n ; r[ ) G 
S such that there exist unique r' 2 ■ ■ ■ r' n+1 such that for all 

i € {l...n}. L {{v l /p' l )) M r' x ^ r' i+1 

then there is a (ci, . . . , c„; n) = Compile(A; S) 

Looking at Figure 2, we see that the compilation algorithm is recur- 
sive, and at each step it 1) breaks down the outermost constructor of 
the leftmost pattern in the pattern context A, 2) adjusts the set S to 
match the invariant, 3) recursively calls Compile, and 4) constructs 
the desired result from the return value. 

Clearly, if A is empty, then there is no work to be done, and the 
algorithm terminates. If the first pattern is a unit pattern, then we 
know that the first element of each of the pattern lists in S is either 
T or (). So, we can adjust the elements of S by using inversion 
to justify dropping the T and (} patterns from the start of each 
of the pattern lists in S. Then, we can recursively call the pattern 
compiler, and use the unit introduction rule to justify restoring the 
unit pattern to the front of the list. 

Likewise, if the first pattern is a pair pattern (pi , p 2 ), we can use 
inversion to justify splitting each of the pattern lists in S. If the first 
pattern in a pattern list is (pi,p 2 ), then we can send it to pi,p 2 , 
and if it is T, we can send it to T, T. 4 (The intuition is that at a pair 
type, T is equivalent to (T, T).) Then, after the recursive call we 
can use pair introduction to construct the optimized pair pattern. 

If the first pattern is an abort pattern [], then we can return a 
pattern list that starts with [] and is followed by a sequence of T 
patterns. This is fine because there are no values of type 0, so the 
correctness constraint holds vacuously. 

We reach the first complex case when the first pattern is a sum 
pattern [p± \ p 2 ]. First, we define the Left and Right functions, 
which take the elements of S and choose the left and right branches, 
respectively. (If the head of the pattern list is a T pattern, it gets 
assigned to both sides, since (T, qs; r) with the head at a sum type 
is equivalent to ([T | T], qs; [r \ r]).) 

After splitting, we call Compile on the left and right sets. How- 
ever, we can't just put them back together with a sum pattern, be- 
cause we don't know that the tails of the two pattern lists are the 
same — they arise from different calls to Compile. This is what the 
Merge function is for. Given two pattern contexts and arms consist- 
ing of optimized patterns, it will find a new pattern context and a 
new pair of arms, such that the new arms are substitution equivalent 
to the old ones, but which are typed under the new pattern list. 

PROPOSITION 14 (Context Merging). If we have that 

• r ; Ai,ci : A,Ai>n :C, 

• V; A 2 , c 2 : A, A 2 > r 2 : C, and 

• • h v : A, 

then we may conclude that 

• (c';ri;r 2 ) = Merge A (Ai; a; n; A 2 ; c 2 ; r 2 ), 

• r ; Ai,c' : A, Ai > r[ : C, 

• r; A 2 ,c' : A, A' 2 t> r' 2 : C, 

• L (Wc'»a 1 r[ ^ r'{ if and only if L {{v/c 1 }}^ 1 n ^ r'{, and 

• L <Wc'»a 2 r' 2 — r'i if and only if L ((v/c 2 })f r 2 <-> r'i 

The notation Merge* in Figure 2 indicates that we apply Merge 
to each element of the sequences cs 1 and cs 2 . Its definition uses 
another auxilliary function Weaken. As its name might suggest, 
this is a generalized weakening lemma for the pattern context. 

4 Here, as in many of the other cases, we define a local function split((p; r)) 
to perform this decomposition. Also, we write map split(S') to indicate 
mapping over a set. 



PROPOSITION 15 (Extended Weakening). IfF; A, A' Or : C and 
r' = WeakeriA(A; c; r), f/jen T; A, c : A, A' E> r' : C, and for all 
■\- v : A, L ((v/c))*r' ^r. 

If the first pattern is an and-pattern pi Ap 2 , we can use inversion 
to justify splitting each of the pattern lists in S. If the first pattern 
in a pattern list is p 1 A p 2 , then we can send it to pi,p 2 , and if 
it is T, we can send it to T, T. (As usual, the intuition is that T 
is equivalent to T A T.) Then, after the recursive call we can use 
pair introduction to construct the optimized pair pattern. However, 
we're not quite done — our context has two patterns ci and c 2 , and 
if we combined them with an and-pattern then we would potentially 
be forced to repeat tests, which we want to avoid. So we introduce 
an auxilliary function And, which satisfies the following property: 

PROPOSITION 16 (Conjunction Simplification). If we have that 
T; A, ci : A, c 2 : A, A' > r : C and • h v : A, then 

• (c; r') = And A (A; ci; c 2 ; r), 

• T; A, c : A, A' > r' : C, and 

• L {{ v / c ))a r ' r " if and only if L {{v/ci A c 2 )) A r r". 

It is worth looking at the pair pattern case in Figure 3 in a little 
more detail. It uses the exchange lemma to move the components 
of two pair patterns together - to change (ci,c 2 ) , {c[,c 2 ) into 
ci , c'x , c 2 , c 2 , so that the subcomponents of the pair patterns can be 
conjoined together. This illustrates why it was necessary to prove 
that substitution and the deep pattern operations could commute: 
changing this order implies changing the order that the patterns 
substitutions would be performed. 

This function follows the structure of the two pattern arguments, 
and when it reaches the pair-pair or sum-sum cases, it uses the 
deep inversion, introduction, and exchange algorithms to reorder 
the pattern hypotheses so that the tests can be merged. 

Finally, we reach the case where the head of the pattern con- 
text is the or-pattern pi V p 2 . For each element of S, the split- 
ting algorithm proceeds as follows. Each element of the form 
(Pi V P2, ■ ■ ■ ; ri V r 2 ) becomes two cases — (pi, T, . . . ; ri) 
and (T,p 2 , • • • ; r 2 ). We know via inversion that (pi, ... ; n) and 
(P2 , ■ ■ ■ ; r 2 ) are well-typed, and using top-introduction makes each 
element satisfy the compile invariant for pi : A,p 2 : A, . . .. Fur- 
thermore, any sequence of values v,v,. . . with a repeated value 
v will match one of these two elements exactly when the original 
would match 

So we can invoke Compile recursively, and receive (ci, c 2 , . . . ; r) 
as a return value. As in the and-pattern case, we can combine the 
ci and c 2 patterns with the And function to find a c that does the 
job. 

With the correctness of the compilation algorithm established, it 
is easy to show that the coverage algorithm of the previous section 
permits us to confidently invoke the pattern compiler. 

PROPOSITION 17 (Pattern Compilation). If we have that 

• p covers A andp det A, 

• T;p : A,A> r : C, and 

• ■ h v : A, 

then it is the case that 

• (c; r') = Compile(p : A;{(p, r)}), 

• L ((v/p)) A r r" if and only if L ((v/c)) A r' r" 

7. Extensions and Future Work 

This language is highly stylized, but some obvious extensions work 
out very easily. First, adding iso-recursive types fia.A is straight- 
forward. If we have a term roll(e) as the constructor for a recursive 



Compile^; {(•;»*)}) = 

(■;r) 

Compile(() : 1,A;S) = 

let split((T, qs;r)) = {(qs;r)} 
split(((},<?s;r)) = {(qs;r)} 
let (cs; r) = Compile(A; (J map split(S)) 

(Q,cs;r) 

Compile((pi,p 2 ) : Ai x A 2 , A; S) = 

let split((T, qs; r)) = {(T, T, qs; r)} 

split(((pi, p 2 ) ,qs;r)) = {(j>i,p 2 ,qs;r)} 

let (ci, C2, cs; r) = Compile(pi : A\,p 2 : A 2 , A; \J map split(S)) 

((ci,c 2 ) ,cs;r) 
Compile(Q : 0,p : A; S) = 

([]:0,T;D) 

Compile([pi | p 2 ]j > A 1 + A 2 ,p S) = 

let Left((T, p';r)) = {(T,j?;r)} 

Left(([pi |_P2],p';[n | r 2 ])) = {(pi,p';ri)} 

letRight((T,p r ;r))_={(T,^;r)} ^ 
Right(([pi | p 2 ], p'; [ri | r 2 })) = {(pi , p';r 2 )} 

let (ci , est ; n) = Compile(pi : A±,p : A; (J map Left(S')) 

let (c 2 , csl; r 2 ) = Compile(p 2 : A 2 , p : A; (J map Right(S)) 

let (cs; rj; r' 2 ) = Merge^.(ci : Ay, csi; ri; c 2 : A 2 ; ci5; r 2 ) 

([ci |P2],cJ;[ri \r' 2 \) 
Compile(x : A, A; S) = 

let split((T,gs;r)) = {(qs;r)} 
split((o;,gs;r)) = {(<?s;r)} 

let (cs; r) = Compile(A; (J map split(S)) 

(x, cs; r) 
Compile(T : A 1: A; 5) = 

let split((T,gs;r)) = {(qs;r)} 

let (cs; r) = Compile(A; (J map split(5)) 

(T, cs; r) 
Compile(pi A p 2 : Ai, A; S) = 

let split((T, qs; r)) = {(T, T, qs; r)} 

split((pi Ap 2 ,gs;r)) = {(pi,p 2 ,qs;r)} 

let (ci, c 2 , cs; r) = Compile(pi : A\ , p 2 : A\ , A; (J map split(5)) 

let (c; r') = And^Cs ci;c 2 ;r) 

(c, cs; r') 
Compile(± : Ai,A;5) = 

let split((T, qs; r)) = {(qs; r)} 
split((_L, qs;r)) = 0 

let (cs; r) = Compile(A; (J map split(S)) 

(T, cs; r) 
Compile(pi V p 2 : Ai, A; S) = 

let split((T, qs; r)) = {(T, T, <ys; r)} 

split((pi Vp 2 ,gs;ri V r 2 )) = {(pi, T, <js; ri), (T,p 2 , qs; r 2 )} 

let (ci, c 2 , cs; r) = Compile(pi : Ai , p 2 : A\ , A; (J map split(5)) 

let (c; r') = And A (-; a; c 2 ; r) 

(c, cs;r') 



Figure 2. Pattern Compilation 



type, then we can simply add a pattern roll (p) to the pattern lan- 
guge. We believe supporting System-F style polymorphism is also 
straightforward. Universal quantification Va. A is a negative con- 
nective, and so does not interact with the pattern language. Existen- 
tial quantification 3a. A is a positive connective with introduction 
form pack(A, e), and we can add a pattern pack(a,p) to support 
its elimination. 

Features such as GADTs (lones et al. 2006; Simonet and Pottier 
2007) and pattern matching for dependent types (Coquand 1992; 
Xi 2003; McBride 2003), are much more complicated. In both of 
these cases, matching against a term can lead to the discovery of 
information that refines the types in the rest of the match. This is a 
rather subtle interaction, and deserves further study. 



And A (A; T; c; r) = And A (A; c; T; r) = 

(c;r) 

And a (A; a; A ci ; c 2 ; r) = And a (A; ci ; 2; A C2; r) = 
let (c';r') = And^(A; ci; c 2 ; r) 
if c' = j/ A c" then (c'; [x/y]r') else(x A c'; r') 

Andi(A; ();x;r) = Andi(A;x; (};r) = 

And„(A; [];x;r) = And 0 (A ; x; [];r) = 

(Q;Abort 0 (A)) 
AndA X s(A;x; (ci,c 2 );r) = AndA X s(A; (ci , c 2 > ; x; r) = 

(x A (ci, c 2 ); r) 
AndA+s(A; x; [ci | c 2 ];r) = AndA+s(A; [ci | c 2 ]; x; r) = 

(xA [ci I c 2 ];r) 
And^CA; x; j/; r) = 

(x; [x/y]r) 
Andi(A;(>; <>;»■) = 

«>;»■) 

And 0 (A;Q;D;r) = 

([];Abort 0 (A)) 
And Ax s(A; (ci,c 2 >; (4, c' 2 ); r) = 

let (ci'; r') = And A (A; ci; c[; Ex(A, ci : A; c 2 : _B; c'j : A; r)) 

let (c 2 ';r") = And s (A;c 2 ;c 2 ;r') 

«ci',c' 2 '>;r") 
And A+s (A;[ Cl I c 2 ];[ci | c' 2 ];r) = 

let (ci';ri') = And A (A; ci; c' i; Outt(A, a : A; Outh(A; r))) 

let (c 2 ';r 2 ') = And s (A; c 2 ; c 2 ; Out^(A, c 2 : A; Out+(A; r))) 

([c'/ |c 2 '];Join + (A;ri';r 2 ')) 



Figure 3. Conjunction Simplification 



Another direction is to treat the proof term assignment discussed 
here as a lambda calculus in and of itself, rather than as a program- 
ming language, as we have done here. For example, we can use 
the exchange function to generalize the pattern substitution to deal 
with open terms and study properties like confluence and normal- 
ization. The presence of sums makes this a trickier question than it 
may seem at first glance; focusing seems to eliminate the need for 
some, but not all, of the commuting conversions for sum types. 

Finally, we should more carefully study the implications for 
implementation. A simple ML implementation of the algorithms 
given in this paper can be found at the author's web site, but it 
is difficult to draw serious conclusions from it because so little 
engineering effort has gone into it. 

However, a few prelimary observations are possible. Imple- 
menting coverage checking is very easy - it is roughly 80 lines 
of ML code. This closely follows the inference rules given above, 
with the the addition of memoization to avoid repeatedly trying 
to find failure derivations of the same sequence of patterns. This 
seems to suffice for the sorts of patterns we write by hand; it is not 
clear whether there are (easily-avoidable) pathological cases that 
machine-generated programs might exhibit. A more-or-less direct 
transliteration of the pattern compiler is in the neighborhood of 300 
lines of ML. While it is reasonably fast on small hand-written ex- 
amples, it should probably not be used in a production compiler. In 
particular, the Merge* algorithm is implemented via iterated calls 
to Merge, which can result in an enormous number of redundant 
traversals of the pattern tree. This was done to simplify the correct- 
ness proof, but a production implementation should avoid that. 

8. Related Work 

We first learned to view pattern matching as arising from the in- 
vertible left rules of the sequent calculus due to the work of Kesner 
et al. (1996), and Cerrito and Kesner (2004). We have extended 
their work by building on a focused sequent calculus. This permits 



Merge A (Ai;T;ri; A 2 ;c 2 ;r 2 ) = 
Merge A (A 2 ;c 2 ;r 2 ; Ai;T;n) = 

let r[ = Weaken J 4(Ai; c 2 ; n) 

(c 2 ;ri;r 2 ) 
Merge A (Ai;x;n; A 2 ;c 2 ;r 2 ) = 
Merge A (A 2 ;c 2 ;r 2 ; Ai;x;n) = 

let r[ = Weaken a (Ai; c 2 ; ri) 

let (c; r' 2 ) = And A (A 2 ; x; c 2 ;r 2 ) 

(c; r[;r' 2 ) 

Merge A (Ai;x A ci;ri; A 2 ; c 2 ; r 2 ) = 
Merge A (A 2 ; c 2 ; r 2 ; Ai;x A ci;ri) = 

let (c'; r[; r' 2 ) = Merge A (Ai; ci; n; A 2 ; c 2 ; r 2 ) 

let (c";ri') = And A (A i; x;ci;ri) 

let (_;r 2 ') = And A (A 2 ; x; c' 2 ; r' 2 ) 

(c";r-i';r 2 ') 
Merge 1 (Ai;<);ri;A 2 ;0;»-2) = 

«>;n;r 2 ) 

Merge 0 (Ai; [];n; A 2 ; [];r 2 ) = 

([];Abortn(Ai);Abort 0 (A 2 )) 
Mer S e Axs( A i; (ci,c 2 );n; A 2 ; (c' 1 ,c' 2 );r 2 ) = 

let (ci';ri;r 2 ) = Merge A (Ai; a; n; A 2 ; ci; r 2 ) 

let (c 2 '; ri'; r 2 ') = Merge s (Ai, c'{ : A; c 2 ; r[ ; A 2 , d{ : A; c' 2 ; r' 2 ) 

«ci',c 2 ');ri';r 2 ') 
Mer S e A+s( A i;[ c l I c 2 ];n;A 2 ;[ci | c' 2 ];r 2 ) = 

let (ci';ri;r 2 ) = Merge A (Ai; ci; OutWAi; ri); A 2; ci; Outh (A 2 : 

let (c'J,;r'{;r' 2 r ) = Merge s (Ai; c 2 ; Out^(Ai; n); A 2 ; c' 2 ; Out^ (A 2 

([ci I c 2 ']; Join + (Ai;ri;ri'); Join+(A 2 ; r 2 ; r 2 ')) 

Weaken A (A; T; r) = r 
Weaken A (A; x;r) = r 
Weakeni(A; (); r) = r 
Weaken 0 (A; Q;r) = Abort 0 (A) 
Weaken A (A; x A c; r) = Weaken A (A; c; r) 
Weaken A xB(A; (ci,c 2 );r) = 

Weakens(A, ci : A; c 2 ; Weaken A (A; c\ ; r)) 
WeakenA+s(A; [ci | c 2 ];r) = 

Join + (A; Weaken a (A; c\ ; r); Weaken s (A; c 2 ; r)) 



Figure 4. Pattern Merge 



us to give a simpler treatment; the use of an ordered context allows 
us to eliminate the communication variables they used to link sum 
patterns and their bodies. Furthermore, our failure and nondeter- 
ministic choice patterns permit us to explain the sequential pattern 
matching found in functional languages, coverage checking, and 
pattern compilation. 

Focusing was introduced by Andreoli (1992), in order to con- 
strain proof search for linear logic. Pfenning (in unpublished lec- 
ture notes) gives a simple focused calculus for intuitionistic logic, 
and Liang and Miller (2007) give calculi for focused intuitionistic 
logic, which they relate to both linear and classical logic. Neither of 
these have proof terms. Zeilberger (2007) gives a focused calculus 
based on Dummett's notion of logical harmony (Dummett 1991). 
This calculus does not have a coverage algorithm; instead coverage 
is a side-condition of his typing rules. 

Our pattern substitution is a restricted form of hereditary substi- 
tution, which Watkins et al. (2004) introduced as a way of reflect- 
ing the computational content of structural proofs of cut admissi- 
bility (Pfenning 2000). 

In his work on Ludics, Girard (2001) introduced the idea of the 
daimon, a sequent which corresponds to a failed proof. Introducing 
such sequents can give a logical calculus certain algebraic closure 
properties, at the cost of soundness. However, once the requisite 
properties have been used, we can verify that we have any given 
proof is genuine by checking that the undesirable sequents are not 
present. This is an idea we exploited with the introduction of the _L 



and pi V p2 patterns, which make our language of patterns closed 
under complement. 

Zeilberger (2008) gives a higher-order focused calculus. In this 
style of presentation, the inversion judgement is given as a single 
infinitary rule, defined using the functions of the ambient meta- 
logic, rather than the explicit collection of rules we gave. The virtue 
of their approach is that it defers questions of coverage and de- 
composition order into the metalogic. However, this is precisely 
the question we wanted to explicitly reason about. 

In real compilers, there are two classical approaches to compil- 
ing pattern matching, either by constructing a decision tree (de- 
scribed by Cardelli (1984) and Pettersson (1992)) or building a 
backtracking automaton (described by Augustsson (1985)). Our 
calculus uniformly represents both approaches, since backtracking 
can be represented with the use of the nondeterministic disjunction 
pattern pi V P2 and the abort pattern [], and case splitting is rep- 
resented with the sum-pattern [pi | p?]. This lets us view pattern 
compilation as a source-to-source transformation, which simplifies 
the correctness arguments. 

Fessant and Maranget (2001) describe a modern algorithm for 
pattern compilation which operates over matrices of patterns. Their 
algorithm tries to make use of an efficient mix of backtracking 
and branching, whereas our compilation algorithm builds a pure 
decision tree. It might be possible to find a presentation of their 
ideas without having to explicitly talk about low-level jumps and 
gotos, by replacing pV p' with a biased choice that always tries p 
first. 

Maranget (2007) also describes an algorithm for generating 
warnings for non-exhaustive matches and useless clauses. This 
algorithm is a specialized version of the decision tree compilation 
algorithm which returns a boolean instead of a tree. However, 
his correctness proof is not as strong as ours: Maranget defines a 
matching relation and shows that a complete pattern will always 
succeed on a match, but the connection between the matching 
relation and the language semantics is left informal. 

Sestoft (1996) shows how to generate pattern matching code via 
partial evaluation. This ensures the correctness of the compilation, 
but he does not consider the question of coverage checking. 

Jay (2004) has also introduced a pattern calculus. Roughly, he 
takes the view that datatypes are just subsets of the universe of 
program terms (like Prolog's Herbrand universe), and then allows 
defining programs to match on the underlying tree representations 
of arbitrary data. This approach to pattern matching is very expres- 
sive, but its extremely intensional nature means its compatibility 
with data abstraction is unclear. 

The work on the p-calculus (Cirstea and Kirchner 2001) is an- 
other general calculus of pattern matching. It treats terms similarly 
to Jay's pattern calculus. Additionally, it uses the success or failure 
of matching as a control primitive, similar to the way that false- and 
or-patterns work in this work. However, the focus in this paper was 
on the case where the nondeterminism is inessential, rather than 
exploring its use as a basic control mechanism. 
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